sign: Include rekor entry ID in output

[stephen-fox]

Summary

cosign's sign* commands currently output a signature's transparency log index number (as of v2.2.4). As an enhancement, it would be helpful if cosign also output the rekor entry ID.

Details

rekor entries can be searched using an index number. However, the index number does not include the log tree (or "shard") ID. These identifiers are created by rekor log sharding.

The rekor entry ID consists of the shard ID and an entry-specific UUID (the latter appears to be the hash of the Merkle tree leaf). Knowing the entry ID allows end users to determine which shard the entry exists in.

It would be helpful to include it in cosign's output for informational and historical purposes.

A quick note on terminology

For those unfamiliar, the use of the term entry ID appears to be relatively recent. The original value was referred to as a "UUID". The rekor-cli still refers to the entry ID as a UUID. The following GitHub issues and pull requests provide some context for this change.

• Standardize use of terminology re: UUID vs. EntryID rekor#625
• Create EntryID for new artifacts and return EntryID to user rekor#623
• Temporal Log Sharding rekor#353
• Support UUID --> shard ID parsing rekor#487

[haydentherapper]

SGTM, would you like to make the change?